1. Field
A firewall and an anti-malware engine are constructed using ASIC-based hardware on a system-on-chip (SoC) in consideration of resources and performance improvement of the portable terminal to detect malicious code introduced into the portable terminal.
2. Description of the Related Art
As their widespread proliferation continues, portable terminals such as smartphones, personal digital assistants (PDAs), wireless broadband (WiBro) terminals, etc. are becoming necessities of modern life. Countless people use portable terminals (mobile devices) to communicate with one another, to exchange information, and also to exchange important business information through voice and data communication.
However, as the hardware functions of portable terminals expand and improve, application programs executed in the portable terminals become more diverse and complicated. This increases the likelihood of existing malicious codes that have attacked computers causing serious damage to portable terminals also. In particular, the widespread proliferation of wireless portable Internet services such as WiBro has led to the advent of mobile malicious code (mobile malware) that attacks vulnerabilities in application programs and services for portable terminals such as Bluetooth, multimedia messaging system (MMS), etc., in addition to malicious code that attacks vulnerabilities in existing computer application programs.
Examples of the mobile malicious code include the Timofonica worm, whose name is a modification of Telefonica, I-mode malicious code, and viruses (Phage, Vapor, and Liberty) operating in a short message service (SMS) and Palm operating system (OS).
Various types of malicious code may cause portable terminals to malfunction and may also cause serious problems such as deletion of data and leakage of personal information. Thus, countermeasures are required to effectively protect portable terminals from various malicious codes.
Anti-malware solutions applied to existing portable terminals are based on software, and the way in which they operate is as follows. A software-based vaccine program basically involves an anti-malware engine and a signature matching unit, and has a structure in which a virus signature database (DB) is periodically updated.
When scanning files in such a structure, anti-virus software searches for files that match signatures in the database to check whether or not the files are infected with a virus or to detect abnormal files. Also, firewalls applied to existing portable terminals block all network access attempts from the outside or network connection with a specific external program according to whether or not a policy has been established.
In this way, the anti-malware solutions applied to existing portable terminals are constructed on the basis of software and used in mobile devices without modification. However, mobile devices have relatively many limitations with respect to resources such as a central processing unit (CPU) and a battery. Thus, when the existing model is used as is, performance deterioration makes it inconvenient for a user to perform any operation other than malicious code detection. Furthermore, when using a software-based virus vaccine solution for existing portable terminals, performance deterioration makes it difficult to monitor all packets received via a network.